How Routing Works
Routing is how packets travel from source to destination across networks. Every router along the path makes one decision: “based on the destination IP, which interface should I send this out of?” Multiply that simple decision by billions of routers and you get the internet.
The mental model
Each device with an IP has a routing table — a list of rules that say “for destinations matching this prefix, send packets out this interface to this next hop.” When a packet needs to go somewhere, the device checks its table for the most specific matching rule.
See your routing table
ip route show
# Sample output
default via 192.168.1.1 dev wlan0 proto dhcp
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.42
10.0.0.0/8 via 192.168.1.1 dev wlan0Reading it:
- Line 1: “anything I don’t know how to reach, send via 192.168.1.1 (my default gateway)”
- Line 2: “192.168.1.x is on my local network — send directly out wlan0”
- Line 3: “10.x.x.x — send to my gateway, it’ll figure it out”
The decision algorithm
For an outgoing packet to destination D:
- Search the routing table for the entry whose CIDR most-specifically matches D (“longest prefix match”)
- If found: send the packet to the listed next hop via the listed interface
- If no match: drop the packet, return ICMP “destination unreachable”
Longest prefix match — concrete example
Routing table:
default → router A
10.0.0.0/8 → router B
10.5.0.0/16 → router C
10.5.42.0/24 → router D
Packet destined for 10.5.42.99:
- Matches /24 (most specific) → send to router D
Packet destined for 10.5.99.5:
- Matches /16 → router C
Packet destined for 10.99.0.1:
- Matches /8 → router B
Packet destined for 8.8.8.8:
- Matches default → router AHops
A packet usually traverses many routers between source and destination. Each router-to-router transit is a “hop.” Use traceroute to see them:
traceroute google.com
1 192.168.1.1 (router) 1.2 ms
2 10.10.5.1 (ISP edge) 8.4 ms
3 72.14.215.62 (ISP backbone) 14.5 ms
4 108.170.234.193 (Google edge) 18.2 ms
5 google.com 19.1 msEach hop decrements the packet’s TTL (Time To Live). If TTL hits 0, the packet is dropped — preventing infinite loops if routing tables are misconfigured.
Three categories of routing decisions
1. Directly connected (same subnet)
If destination is on your local subnet, no routing needed. Use ARP to find the MAC address, send directly.
2. Default route (everything else)
If you don’t have a specific entry, use the default gateway (your home router, your ISP, etc.).
3. Specific routes (more nuanced)
Manually configured or learned via routing protocols (BGP, OSPF). Tells you “for THIS specific network, take a different path than default.”
Static vs dynamic routing
- Static — admin types in routes manually. Doesn’t adapt to failures. Fine for small/simple networks.
- Dynamic — routers run protocols (BGP, OSPF, etc.) that automatically discover and maintain routes. Adapts to topology changes. Required at any scale.
Add or remove routes (Linux)
# Add a static route
sudo ip route add 10.10.0.0/16 via 192.168.1.254 dev eth0
# Remove
sudo ip route del 10.10.0.0/16
# Change default gateway
sudo ip route del default
sudo ip route add default via 192.168.1.1
# See which interface a destination would use
ip route get 8.8.8.8Common routing gotchas
- Asymmetric routing — packets go A→B via one path, B→A via another. Breaks stateful firewalls and TCP.
- Routing loops — TTL saves you from death spirals; symptom is mysterious “TTL exceeded” errors.
- Black holes — packets disappear without errors because some router has a wrong route to /dev/null.
- MTU mismatches — works for small packets, fails for big ones because some hop fragments incorrectly.
What to learn next
Static vs dynamic routing — when each is the right choice. Up next.